On 04/01/2016 12:44, Jan Cholasta wrote:
>> My question is, what is the correct way of installing a 3rd party
>> certificate for HTTP/LDAP that will actually work?
>
> 1. Install the CA certificate chain of the issuer of the 3rd party
> certificate to IPA using "ipa-cacert-manage install"
>
> 2. Run "ipa-certupdate" to update CA certificate related IPA configuration.
>
> 3. Manually import the server certificate into the
> /etc/dirsrv/slapd-REALM NSS database, configure the correct nickname in
> LDAP in the nsSSLPersonalitySSL attribute of
> cn=RSA,cn=encryption,cn=config and restart DS.
>
> 4. Manually import the server certificate into the /etc/httpd/alias NSS
> database, configure the correct nickname in /etc/httpd/conf.d/nss.conf
> using the NSSNickname directive and restart httpd.

Is there any chance you can confirm the exact commands I need to run to accomplish the above steps? I don't want to risk breaking our production servers.

BTW, do we have up-to-date documentation about this process in FreeIPA 4.2? I failed to find any.

Many thanks in advance.

--
Kind regards,
 Peter Pakos

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
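
The four quoted steps as a dry-run script, added here as an example; it is not part of the original thread and not FreeIPA's own tooling. It assumes the server key and certificate are in a PKCS#12 file whose friendly name is the nickname; the function names, realm, file names and nickname are placeholders.

```shell
#!/bin/bash
# Added example: prints the commands for steps 1-4; runs them only when APPLY=1.
# Assumes key + certificate are in a PKCS#12 file whose friendly name is the
# nickname. Realm, file names and nickname at the bottom are placeholders.
set -u

run() {   # show the command (unquoted, for review); execute only if APPLY=1
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

set_ds_nickname() {   # step 3: point DS at the new certificate nickname
    ldif=$(printf '%s\n' 'dn: cn=RSA,cn=encryption,cn=config' \
        'changetype: modify' 'replace: nsSSLPersonalitySSL' \
        "nsSSLPersonalitySSL: $1")
    printf '%s\n' "ldapmodify -x -D 'cn=Directory Manager' -W <<LDIF" "$ldif" LDIF
    if [ "${APPLY:-0}" = 1 ]; then   # server URI comes from ldap.conf (assumption)
        printf '%s\n' "$ldif" | ldapmodify -x -D 'cn=Directory Manager' -W
    fi
}

install_third_party_cert() {   # args: DS instance, CA chain PEM, PKCS#12, nickname
    inst=$1 ca_pem=$2 p12=$3 nick=$4
    case $nick in   # nickname ends up in LDIF and a sed expression: keep it plain
        ''|*[!A-Za-z0-9._-]*) echo "unsafe nickname: $nick" >&2; return 2 ;;
    esac
    ds_db=/etc/dirsrv/slapd-$inst
    http_db=/etc/httpd/alias
    # Steps 1-2: trust the issuer chain in IPA, then refresh CA configuration.
    run ipa-cacert-manage install "$ca_pem" || return
    run ipa-certupdate || return
    # Step 3: import, then confirm the nickname validates as an SSL server cert
    # (certutil -V -u V) before DS is reconfigured and restarted.
    run pk12util -i "$p12" -d "$ds_db" || return
    run certutil -V -u V -n "$nick" -d "$ds_db" || return
    set_ds_nickname "$nick" || return
    run systemctl restart "dirsrv@$inst.service" || return
    # Step 4: same import and check for httpd, then set NSSNickname.
    run pk12util -i "$p12" -d "$http_db" || return
    run certutil -V -u V -n "$nick" -d "$http_db" || return
    run sed -i "s/^NSSNickname .*/NSSNickname $nick/" /etc/httpd/conf.d/nss.conf || return
    run systemctl restart httpd
}

# Dry run with placeholder values; review the output before using APPLY=1.
install_third_party_cert EXAMPLE-COM /root/ca-chain.pem /root/server.p12 Server-Cert-3P
```

Each step stops the sequence on failure, so a certificate that does not validate against the newly installed CA chain is caught before either service is restarted.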
